Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Nfs-utils rpc.statd Multiple Remote Format String Vulnerabilities
Information
Severity
Severity
Critical
Family
Family
RPC
CVSSv2 Base
CVSSv2 Base
10.0
CVSSv2 Vector
CVSSv2 Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
Solution Type
Solution Type
Vendor Patch
Created
Created
12 years ago
Modified
Modified
5 years ago
Summary
The host is running statd service and is prone to multiple remote format string vulnerabilities.
Insight
Insight
The flaws are due to errors in rpc.statd/kstatd daemons logging system. A call to syslog in the program takes data directly from the remote user, this data could include printf-style format specifiers.
Solution
Solution
Upgrade to latest of nfs-utils version 0.1.9.1 or later.